Citibank Confirms Hacking Attack

Citibank has confirmed it suffered a data breach with hackers stealing data from thousands of credit card and debit card customers in May.

Around 1 percent of the bank’s 21 million account holders were affected, or about 210,000 individuals. The breach exposed the names of customers, account numbers and contact information. The bank, a subsidiary of Citigroup, which received a bailout from the U.S. government in 2008, said other key data, such as date of birth and card security codes were not compromised.

The nature of the attack has not been confirmed.

The bank has been roundly criticized because it did not tell customers about the breach when it happened. In a statement to Reuters, Citi said: “We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event.”

Congress has discussed the need for legislation requiring companies to inform customers in the event of a data breach following a string of breaches. Michaels, the arts supply store, was hit recently, as were Sony, RSA and Epsilon. Credit unions should be vigilant in their security measures and ensure they follow appropriate procedures to minimize the risk of data breaches.


Questions? Contact the Compliance Hotline: 1.800.546.4465,

Posted in Compliance News.